package com.fengxing.ams.web.security;

import java.io.Serializable;

import javax.annotation.PostConstruct;

import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.authc.AccountException;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;

import com.fengxing.ams.web.facade.intf.IAccountFacade;
import com.fengxing.ams.web.facade.mouble.user.MenuVO;
import com.fengxing.ams.web.facade.mouble.user.RoleVO;
import com.fengxing.ams.web.facade.mouble.user.UserVO;
import com.fengxing.ams.web.security.utils.PasswordUtil;

public class SystemAuthorizingRealm extends AuthorizingRealm {
	@Autowired
	private IAccountFacade accountFacade;

	/**
	 * 认证回调函数,登录时调用.
	 */
	@Override
	protected AuthenticationInfo doGetAuthenticationInfo(
			AuthenticationToken authcToken) throws AuthenticationException {
		UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
		String userName = token.getUsername();
		if (userName == null)
			throw new AccountException(
					"Null usernames are not allowed by this realm.");
		UserVO user = accountFacade.findUserByEmail(token.getUsername());

		if (user == null)
			throw new AccountException("No account found for user [" + userName
					+ "]");
		SimpleAuthenticationInfo sai = new SimpleAuthenticationInfo(
				new ShiroUser(user), user.getPassword(), getName());
		return sai;
	}

	/**
	 * 自定义Authentication对象，使得Subject除了携带用户的登录名外还可以携带更多信息.
	 */
	public static class ShiroUser implements Serializable {
		private static final long serialVersionUID = -1373760761780840081L;
		private Long id;
		private String name;
		private String email;
		private UserVO userVO;

		public ShiroUser(UserVO user) {
			this.id = user.getUserId();
			this.email = user.getEmail();
			this.name = user.getName();
			this.userVO = user;
		}

		public Long getId() {
			return id;
		}

		public String getName() {
			return name;
		}

		public String getEmail() {
			return email;
		}

		public UserVO getUserVO() {
			return userVO;
		}

		public void setUserVO(UserVO userVO) {
			this.userVO = userVO;
		}

		/**
		 * 重载equals,只计算loginName;
		 */
		@Override
		public boolean equals(Object obj) {
			if (this == obj) {
				return true;
			}
			if (obj == null) {
				return false;
			}
			if (getClass() != obj.getClass()) {
				return false;
			}
			ShiroUser other = (ShiroUser) obj;
			if (email == null) {
				if (other.email != null) {
					return false;
				}
			} else if (!email.equals(other.email)) {
				return false;
			}
			return true;
		}
	}

	@Override
	protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection arg0) {
		// TODO Auto-generated method stub
		return null;
	}
}
